void NewPasswordRulesValidator_ServerValidate(
            object source,
            ServerValidateEventArgs args)
        {
            CustomValidator validator = source as CustomValidator;

            validator.ErrorMessage = string.Empty;

            if (args.Value.Length < Membership.MinRequiredPasswordLength)
            {
                args.IsValid = false;
                validator.ErrorMessage
                    += Resource.ChangePasswordMinimumLengthWarning
                       + Membership.MinRequiredPasswordLength.ToInvariantString() + "<br />";
            }

            if (!HasEnoughNonAlphaNumericCharacters(args.Value))
            {
                args.IsValid = false;
                validator.ErrorMessage
                    += Resource.ChangePasswordMinNonAlphanumericCharsWarning
                       + Membership.MinRequiredNonAlphanumericCharacters.ToInvariantString() + "<br />";
            }

            mojoMembershipProvider m = Membership.Provider as mojoMembershipProvider;

            if (siteUser.Password == m.EncodePassword(siteUser.PasswordSalt + txtNewPassword.Text, siteSettings))
            {
                args.IsValid            = false;
                validator.ErrorMessage += Resource.ChangePasswordNewMatchesOldWarning + "<br />";
            }
        }
Example #2
0
        public bool UsingCustomMachineKey()
        {
            mojoMembershipProvider mojoMembership = Membership.Provider as mojoMembershipProvider;

            if (mojoMembership != null)
            {
                string encoded = mojoMembership.EncodePassword(WebConfigSettings.TestDecryptedValueForDefaultMahineKey, MembershipPasswordFormat.Encrypted);
                if (encoded == WebConfigSettings.TestEncryptedValueForDefaultMahineKey)
                {
                    return(false);
                }
            }

            return(true);
        }
        void btnChangePassword_Click(object sender, EventArgs e)
        {
            Page.Validate("ChangePassword1");
            if (Page.IsValid)
            {
                siteUser.PasswordResetGuid = Guid.Empty;
                mojoMembershipProvider m = Membership.Provider as mojoMembershipProvider;
                siteUser.Password      = m.EncodePassword(siteSettings, siteUser, txtNewPassword.Text);
                siteUser.MustChangePwd = false;
                siteUser.Save();
                siteUser.UpdateLastPasswordChangeTime();

                WebUtils.SetupRedirect(this, redirectUrl);
                return;
            }
        }
        private void CreateUser(
            string openId,
            string email,
            string loginName,
            string name)
        {
            SiteUser newUser = new SiteUser(siteSettings);

            newUser.Email = email;

            if (loginName.Length > 50)
            {
                loginName = loginName.Substring(0, 50);
            }

            int i = 1;

            while (SiteUser.LoginExistsInDB(
                       siteSettings.SiteId, loginName))
            {
                loginName += i.ToString();
                if (loginName.Length > 50)
                {
                    loginName = loginName.Remove(40, 1);
                }
                i++;
            }
            if ((name == null) || (name.Length == 0))
            {
                name = loginName;
            }
            newUser.LoginName = loginName;
            newUser.Name      = name;
            //newUser.Password = SiteUser.CreateRandomPassword(7);
            mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;

            newUser.Password         = mojoMembership.EncodePassword(siteSettings, newUser, SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars));
            newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
            newUser.PasswordAnswer   = Resource.ManageUsersDefaultSecurityAnswer;
            newUser.OpenIdUri        = openId;
            newUser.Save();
            if (siteSettings.UseSecureRegistration)
            {
                newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());
            }

            mojoProfileConfiguration profileConfig
                = mojoProfileConfiguration.GetConfig();

            // set default values first
            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
                mojoProfilePropertyDefinition.SavePropertyDefault(
                    newUser, propertyDefinition);
            }

            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
                if ((propertyDefinition.RequiredForRegistration) || (propertyDefinition.ShowOnRegistration))
                {
                    mojoProfilePropertyDefinition.SaveProperty(
                        newUser,
                        pnlRequiredProfileProperties,
                        propertyDefinition,
                        timeOffset,
                        timeZone);
                }
            }

            // track user ip address
            UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());

            userLocation.SiteGuid = siteSettings.SiteGuid;
            userLocation.Hostname = Page.Request.UserHostName;
            userLocation.Save();

            UserRegisteredEventArgs u = new UserRegisteredEventArgs(newUser);

            OnUserRegistered(u);

            CacheHelper.ClearMembershipStatisticsCache();

            NewsletterHelper.ClaimExistingSubscriptions(newUser);

            DoUserLogin(newUser);
        }
        void application_AuthenticateRequest(object sender, EventArgs e)
        {
            //if (debugLog) log.Debug("AuthHandlerHttpModule Application_AuthenticateRequest");

            if (sender == null)
            {
                return;
            }

            HttpApplication app = (HttpApplication)sender;

            if (app.Request == null)
            {
                return;
            }
            if (!app.Request.IsAuthenticated)
            {
                return;
            }

            if (WebUtils.IsRequestForStaticFile(app.Request.Path))
            {
                return;
            }
            if (app.Request.Path.ContainsCaseInsensitive(".ashx"))
            {
                return;
            }
            if (app.Request.Path.ContainsCaseInsensitive(".axd"))
            {
                return;
            }
            if (app.Request.Path.ContainsCaseInsensitive("setup/default.aspx"))
            {
                return;
            }


            //if (debugLog) log.Debug("IsAuthenticated == true");
            SiteSettings siteSettings;

            try
            {
                siteSettings = CacheHelper.GetCurrentSiteSettings();
            }
            catch (System.Data.Common.DbException ex)
            {
                // can happen during upgrades
                log.Error(ex);
                return;
            }
            catch (InvalidOperationException ex)
            {
                log.Error(ex);
                return;
            }
            catch (Exception ex)
            {
                // hate to trap System.Exception but SqlCeException doe snot inherit from DbException as it should
                if (DatabaseHelper.DBPlatform() != "SqlCe")
                {
                    throw;
                }
                log.Error(ex);
                return;
            }
            bool useFolderForSiteDetection = WebConfigSettings.UseFoldersInsteadOfHostnamesForMultipleSites;

            // Added by Haluk Eryuksel - 2006-01-23
            // support for Windows authentication
            if (
                (app.User.Identity.AuthenticationType == "NTLM") ||
                (app.User.Identity.AuthenticationType == "Negotiate")
                // || ( Context.User.Identity.AuthenticationType == "Windows" )
                )
            {
                //Added by Benedict Chan - 2008-08-05
                //Added Cookie here so that we don't have to check the users in every page, also to authenticate under NTLM with "useFolderForSiteDetection == true"
                string cookieName = "siteguid" + siteSettings.SiteGuid;
                if (!CookieHelper.CookieExists(cookieName))
                {
                    bool existsInDB;
                    existsInDB = SiteUser.LoginExistsInDB(siteSettings.SiteId, app.Context.User.Identity.Name);

                    if (!existsInDB)
                    {
                        SiteUser u = new SiteUser(siteSettings);
                        u.Name      = app.Context.User.Identity.Name;
                        u.LoginName = app.Context.User.Identity.Name;
                        u.Email     = GuessEmailAddress(u.Name);
                        u.Password  = SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars);

                        mojoMembershipProvider m = Membership.Provider as mojoMembershipProvider;
                        if (m != null)
                        {
                            u.Password = m.EncodePassword(siteSettings, u, u.Password);
                        }

                        u.Save();
                        NewsletterHelper.ClaimExistingSubscriptions(u);

                        UserRegisteredEventArgs args = new UserRegisteredEventArgs(u);
                        OnUserRegistered(args);
                    }

                    SiteUser siteUser = new SiteUser(siteSettings, app.Context.User.Identity.Name);
                    CookieHelper.SetCookie(cookieName, siteUser.UserGuid.ToString(), true);

                    //Copied logic from SiteLogin.cs  Since we will skip them if we use NTLM
                    if (siteUser.UserId > -1 && siteSettings.AllowUserSkins && siteUser.Skin.Length > 0)
                    {
                        SiteUtils.SetSkinCookie(siteUser);
                    }

                    // track user ip address
                    try
                    {
                        UserLocation userLocation = new UserLocation(siteUser.UserGuid, SiteUtils.GetIP4Address());
                        userLocation.SiteGuid = siteSettings.SiteGuid;
                        userLocation.Hostname = app.Request.UserHostName;
                        userLocation.Save();
                        log.Info("Set UserLocation : " + app.Request.UserHostName + ":" + SiteUtils.GetIP4Address());
                    }
                    catch (Exception ex)
                    {
                        log.Error(SiteUtils.GetIP4Address(), ex);
                    }
                }

                //End-Added by Benedict Chan
            }
            // End-Added by Haluk Eryuksel


            if ((useFolderForSiteDetection) && (!WebConfigSettings.UseRelatedSiteMode))
            {
                // replace GenericPrincipal with custom one
                //string roles = string.Empty;
                if (!(app.Context.User is mojoIdentity))
                {
                    app.Context.User = new mojoPrincipal(app.Context.User);
                }
            }
        }
Example #6
0
        private SiteUser CreateUser(
            string openId,
            string email,
            string loginName,
            string name,
            bool emailIsVerified)
        {
            SiteUser newUser = new SiteUser(siteSettings);

            newUser.Email = email;

            if (loginName.Length > 50)
            {
                loginName = loginName.Substring(0, 50);
            }

            int i = 1;

            while (SiteUser.LoginExistsInDB(
                       siteSettings.SiteId, loginName))
            {
                loginName += i.ToString();
                if (loginName.Length > 50)
                {
                    loginName = loginName.Remove(40, 1);
                }
                i++;
            }
            if ((name == null) || (name.Length == 0))
            {
                name = loginName;
            }
            newUser.LoginName = loginName;
            newUser.Name      = name;
            //newUser.Password = SiteUser.CreateRandomPassword(7);
            mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;

            newUser.Password         = mojoMembership.EncodePassword(siteSettings, newUser, SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars));
            newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
            newUser.PasswordAnswer   = Resource.ManageUsersDefaultSecurityAnswer;
            newUser.OpenIdUri        = openId;
            newUser.Save();

            //test
            //emailIsVerified = false;

            if (siteSettings.UseSecureRegistration)
            {
                if (!emailIsVerified)
                {
                    newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());
                }
            }



            mojoProfileConfiguration profileConfig
                = mojoProfileConfiguration.GetConfig();

            // set default values first
            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
                // we are using the new TimeZoneInfo list but it doesn't work under Mono
                // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey)
                {
                    continue;
                }
                mojoProfilePropertyDefinition.SavePropertyDefault(
                    newUser, propertyDefinition);
            }

            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
                // we are using the new TimeZoneInfo list but it doesn't work under Mono
                // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey)
                {
                    continue;
                }
                if ((propertyDefinition.RequiredForRegistration) || (propertyDefinition.ShowOnRegistration))
                {
                    mojoProfilePropertyDefinition.SaveProperty(
                        newUser,
                        pnlRequiredProfileProperties,
                        propertyDefinition,
                        timeOffset,
                        timeZone);
                }
            }

            // track user ip address
            UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());

            userLocation.SiteGuid = siteSettings.SiteGuid;
            userLocation.Hostname = Page.Request.UserHostName;
            userLocation.Save();

            UserRegisteredEventArgs u = new UserRegisteredEventArgs(newUser);

            OnUserRegistered(u);

            CacheHelper.ClearMembershipStatisticsCache();

            // we'll map them next time they login
            //OpenIdRpxHelper rpxHelper = new OpenIdRpxHelper(rpxApiKey, rpxBaseUrl);
            //rpxHelper.Map(openId, newUser.UserGuid.ToString());

            DoSubscribe(newUser);

            NewsletterHelper.ClaimExistingSubscriptions(newUser);

            return(newUser);
        }
        private void CreateUser(string windowsLiveId)
        {
            SiteUser newUser = new SiteUser(siteSettings);

            newUser.WindowsLiveId = windowsLiveId;
            newUser.Name          = SecurityHelper.RemoveMarkup(txtUserName.Text);
            newUser.LoginName     = newUser.Name;
            newUser.Email         = txtEmail.Text;
            mojoMembershipProvider mojoMembership = (mojoMembershipProvider)Membership.Provider;

            newUser.Password = mojoMembership.EncodePassword(siteSettings, newUser, SiteUser.CreateRandomPassword(7, WebConfigSettings.PasswordGeneratorChars));
            //newUser.Password = SiteUser.CreateRandomPassword(7);
            newUser.PasswordQuestion = Resource.ManageUsersDefaultSecurityQuestion;
            newUser.PasswordAnswer   = Resource.ManageUsersDefaultSecurityAnswer;
            newUser.Save();
            if (siteSettings.UseSecureRegistration)
            {
                newUser.SetRegistrationConfirmationGuid(Guid.NewGuid());
            }

            mojoProfileConfiguration profileConfig
                = mojoProfileConfiguration.GetConfig();

            // set default values first
            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
#if !MONO
                // we are using the new TimeZoneInfo list but it doesn't work under Mono
                // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey)
                {
                    continue;
                }
#endif
                mojoProfilePropertyDefinition.SavePropertyDefault(
                    newUser, propertyDefinition);
            }

            foreach (mojoProfilePropertyDefinition propertyDefinition in profileConfig.PropertyDefinitions)
            {
#if !MONO
                // we are using the new TimeZoneInfo list but it doesn't work under Mono
                // this makes us skip the TimeOffsetHours setting from mojoProfile.config which is not used under windows
                if (propertyDefinition.Name == mojoProfilePropertyDefinition.TimeOffsetHoursKey)
                {
                    continue;
                }
#endif
                if ((propertyDefinition.RequiredForRegistration) || (propertyDefinition.ShowOnRegistration))
                {
                    mojoProfilePropertyDefinition.SaveProperty(
                        newUser,
                        pnlRequiredProfileProperties,
                        propertyDefinition,
                        timeOffset,
                        timeZone);
                }
            }

            // track user ip address
            UserLocation userLocation = new UserLocation(newUser.UserGuid, SiteUtils.GetIP4Address());
            userLocation.SiteGuid = siteSettings.SiteGuid;
            userLocation.Hostname = Page.Request.UserHostName;
            userLocation.Save();

            UserRegisteredEventArgs u = new UserRegisteredEventArgs(newUser);
            OnUserRegistered(u);

            CacheHelper.ClearMembershipStatisticsCache();

            NewsletterHelper.ClaimExistingSubscriptions(newUser);

            DoUserLogin(newUser);
        }